Canada’s Michael Smith Genome Sciences Centre (GSC) at BC Cancer develops and deploys technologies in support of the life sciences, cancer research in particular. With state of the art sequencing instruments, data and computation platforms, the GSC can decode cancer genomes, epigenomes and transcriptomes and is poised to apply this knowledge for the direct benefit of cancer patients.
Being trusted with highly sensitive and confidential information, such as a patient’s DNA or proprietary research data, comes with significant responsibility—one that the GSC takes very seriously.
Hence the GSC is now ISO27001 certified—currently one of the only genome sequencing and bioinformatics facilities in Canada to comply with this comprehensive international standard for information security management systems.
“ISO certification means the processes and information technology security in place at the GSC ensure that data is safe,” said Dr. Steve Jones, GSC co-director and head of bioinformatics. “We work with extremely important information that we don’t necessarily want to get out into the world unless people consent to that. We want do the best that we can for the patients that we serve.”
The ISO 27001 standard addresses nearly everything related to information security across an organization. It looks at all of an organization’s information assets and guides the organization through a process of measuring the risks related to them. It involves calculating which risks need to be controlled and which are acceptable.
For any unacceptable risks, it must design and implement a comprehensive suite of controls, adopting an overarching management and documentation process that ensures and demonstrates the controls meet the organization’s information security needs on an ongoing basis.
When the GSC started processing patient data, the need for a stringent information security management system became clear. New processes for managing patient data were put in place. The Centre for Clinical Genomics at the GSC achieved College of American Pathologist (CAP) certification in 2011 for cancer gene panel testing, and just past its fifth CAP inspection on February 1, 2019.
“We already had many of the technical systems and tools in place to aim for ISO certification,” said Miruna Bala, quality systems group leader at the GSC. “But it was about a two and a half year process to get ready for the ISO audit.”
The ISO audit was conducted by a senior auditor with 25 years experience from SAI Global. It took five days with intensive interviews and extensive document and record verification to confirm that all requirements were met with zero non- conformance.